Cyber Liability Program

The cyber liability program provides coverage for both first- and third-party claims. First-party coverage includes privacy regulatory claims, security breach response, business income loss, dependent business income loss, digital asset restoration costs, and cyber-extortion threats, while third-party coverage includes privacy liability, network security liability, and multimedia liability. Members work directly with the reinsurer to investigate and respond to claims.

Privacy regulatory claims
Coverage is provided for regulatory fines, consumer redress funds, and claim expenses that the member becomes legally obligated to pay as the result of a regulatory claim arising out of a privacy wrongful act. In essence, coverage is provided if the member is fined by regulators because of the member’s wrongful act.

Security breach response
Coverage is provided for crisis management costs and breach response costs that the member incurs in the event of a security breach with respect to personal, non-public information of others (including employees). In essence, this is the coverage for notifications and credit monitoring needs after a breach.

Business income loss
Coverage is provided to cover earnings loss and/or expenses loss resulting from a covered loss. In essence, coverage is provided to the member for the profits that the member would have earned if no such loss had occurred, and/or reasonable expenses the member incurs to allow the business to continue operation during the period of restoration.

Dependent business income loss
Coverage is provided to cover the lost income due to the shutdown/interruption of operations occurred at a “dependent” property, which is defined as any third party, other than a service provider, on whom the member depends for products and/or services required to conduct the member’s business. The member, for part of its operation, may rely on other entities such as a supplier, a buyer, a delivery company, a subcontractor, or a business nearby. In essence, this coverage reimburses the member the lost income resulting from the dependent’s shutdown due to a cyber event.

Digital asset restoration costs
Coverage is provided to cover the cost to recreate, rebuild or recollect digital assets defined as electronic data, including personally identifiable, non-public information, or computer software over which the member has direct control or for which such control has been contractually assigned by the member to a service provider. In essence, this coverage reimburses the member the cost to restore valuable information that is damaged or corrupted from a cyber event such as viruses, malicious code and Trojan horses.

Cyber-extortion threat
Coverage is provided to cover the member for the loss resulting from a credible threat or connected series of threats to attack the member’s computer system/network made by someone other than the member. In essence, it covers the settlement of an extortion threat against the member’s network and the cost of hiring a specialty security firm to investigate and negotiate with blackmailers.

Privacy liability (including employee privacy)
Coverage is provided for damages and claim expenses that the member becomes legally obligated to pay as the result of a claim arising out of a privacy wrongful act, which harms any third party or employee. In essence, this is the liability if the member is involved in breaching someone’s privacy rights, either protected by regulations or protected by the member’s own privacy statement.

Network security liability
Coverage is provided for damages and claim expenses that the member becomes legally obligated to pay as the result of a security wrongful act. In essence, this is for liability that may result from a security breach of the member’s system or of information the member holds.

Multimedia liability
Coverage is provided for damages and claim expenses that the member becomes legally obligated to pay as the result of a multimedia wrongful act. In essence, this is for liability that may result from the member’s online activities, such as plagiarism, libel and slander.

If an Incident or Breach Occurs

If a member becomes aware of an incident or breach, immediately:

CalltheData Incident Reporting Hotline at (855) 440-3400.

The Data Incident Reporting Hotline is to assist members and coordinate resources but does not satisfy the claim notification obligations. All claims/incidents, privacy wrongful acts or security wrongful acts must be reported as per the Memorandum of Coverage – Cyber Liability Program using the Authority’s online claim reporting system.

All incidents members consider as claims must be reported online using the link at the bottom of this page.

Calling the hotline

Brit, the reinsurer for the Cyber Liability Program, has partnered with ePlace to provide a hotline for members to call in the event of a claim or incident. Members should contact the Data Incident Reporting Hotline at 855-440-3400 to coordinate incident response resources.

Typical information necessary when calling the hotline includes:

Person most knowledgeable about the claim/incident with phone, alternate phone, and email

Best time to reach contact

Does the claim/incident involve services provided to anyone outside California?

Does the incident involve any of the following:

Lost or stolen laptop or wireless device (BlackBerry, iPhone, smartphone)

Cyber Liability Documents

Reporting Claims

Prompt notice of claims or circumstances that might lead to a claim is critical to mitigating any loss. Members need to provide notice immediately. It is important for all agency representatives to never express opinions regarding cause, fault or liability. When reporting a claim, members will need to include specific details of the act, possible resulting damages, facts by which the member first became aware of the act, and any computer system security and event logs providing evidence.